* rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated

callers.
(rsa_prepare_private_key): Compute the size of the key by
computing n = p * q.

* rsa.c (rsa_check_size): New function, for computing and checking
the size of the modulo in octets.
(rsa_prepare_public_key): Usa rsa_check_size.
(rsa_init_private_key): Removed code handling n, e and d.
(rsa_clear_private_key): Likewise.
(rsa_compute_root): Always use CRT.

Rev: src/nettle/rsa.c:1.5

rsa.c

@@ -59,10 +59,10 @@ rsa_clear_public_key(struct rsa_public_key *key)
  * Returns 0 if the modulo is too small to be useful. */
 
 static unsigned
-rsa_check_size(unsigned bits)
+rsa_check_size(mpz_t n)
 {
   /* Round upwards */
-  unsigned size = (bits + 7) / 8;
+  unsigned size = (mpz_sizeinbase(n, 2) + 7) / 8;
 
   /* For PKCS#1 to make sense, the size of the modulo, in octets, must
    * be at least 11 + the length of the DER-encoded Digest Info.
@@ -86,7 +86,7 @@ rsa_prepare_public_key(struct rsa_public_key *key)
     return 0;
 #endif
   
-  key->size = rsa_check_size(mpz_sizeinbase(key->n, 2));
+  key->size = rsa_check_size(key->n);
   
   return (key->size > 0);
 }
@@ -120,10 +120,19 @@ rsa_prepare_private_key(struct rsa_private_key *key)
 {
   /* FIXME: Add further sanity checks. */
 
-  /* The size of the product is the sum of the sizes of the factors. */
-  key->size = rsa_check_size(mpz_sizeinbase(key->p, 2)
-			     + mpz_sizeinbase(key->p, 2));
+  mpz_t n;
+  
+  /* The size of the product is the sum of the sizes of the factors,
+   * or sometimes one less. It's possible but tricky to compute the
+   * size without computing the full product. */
+
+  mpz_init(n);
+  mpz_mul(n, key->p, key->q);
 
+  key->size = rsa_check_size(n);
+
+  mpz_clear(n);
+  
   return (key->size > 0);
 }